[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Hosting CVE discussion groups?
All, We are still reeling a bit from the overwhelming response we got from being at the SANS Network Security Conference. One of the ideas that we heard from a lot of different sources was the need for the creation of one or more (lightly moderated?) discussion groups to discuss CVE related issues. We think that the hosting of CVE related discussion groups by non-MITRE sites/organizations would be a good thing for several reasons. One, it would provide grounds for discussions among a broader range of participants. Two, it would help increase the public face of CVE support beyond MITRE. Three, hopefully this plays into the strengths of some of our Editorial Board members. We, as a board, should probably discuss what sort of ground rules, if any, should be imposed on such discussion lists. We (MITRE) believe that: a) The list should only be minimally moderated with the goal of allowing free and open discussion while protecting the list from blatant abuse and misuse. b) The list should have a designated Editorial Board member as an active participant to act as a liaison between the board and the list. The liaison would have the responsibility of keeping the Editorial Board informed of issues of importance on the list. And going in the other direction, while we expect that the liaison would typically only speak for themselves, there may be times when it would be appropriate for the liaison to "speak for the board". NOTE: at the August CVE review meeting, some members expressed concerns with people other than the chair (Steve Christey) speaking for the Editorial Board. If you and/or your organization would be interested in hosting such a forum, please contact me directly by e-mail. Dave -- ========================================================= David Mann || phone: (781) 271 - 2252 INFOSEC Engineer/Scientist, Sr || Enterprise Security Solutions || fax: (781) 271 - 3957 The MITRE Corporation || Bedford, Mass 01730 || e-mail: email@example.com